CVE-2026-12012: Use after free in Network in Google Chrome prior to 149
Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: 149.0.7827.115
- Affected Products: 1
HarborGuard Analysis
Synopsis
Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.115 allows an attacker in a privileged network position to exploit heap corruption by sending malicious network traffic. No authentication or victim interaction is required, though the attacker must occupy a position on the network path between the victim and a remote server (for example, a compromised router, a malicious access point, or a VPN endpoint). Successful exploitation gives the attacker full read, write, and execution capability within the browser process, enabling data theft, content tampering, and arbitrary code execution. A patched-image rebuild at 149.0.7827.115 is available on HarborGuard for environments running an affected version of Chrome.
HarborGuard Coverage
- Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium as a dependency. (Available)
- HarborGuard scores this CVE at 8.1 HIGH using the published CVSS v3.1 vector and can weight that score against each environment's compliance policy before routing the finding to the appropriate team inbox within the customer org. (Available)
- A patched-image rebuild pinned to Chrome 149.0.7827.115 is available on HarborGuard for any image found to carry an affected version. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. (Available)
Exploit Conditions
- Network reachability (Detail): The attacker must occupy a privileged position on the network path (for example, a compromised router, rogue access point, or VPN hop) to intercept or inject malicious traffic toward the target; AV:N/AC:H places this in the adjacent-to-path rather than arbitrary-internet category.
- Authentication (Not required): No credentials or session token of any kind are needed; the exploit is delivered entirely through malicious network traffic.
- Victim interaction (Not required): The victim does not need to click a link, open a file, or take any other action for the exploit to trigger.
- Attack complexity (Detail): Attack complexity is high, meaning the attacker must engineer or wait for specific network-path conditions (such as controlling a routing hop) rather than firing the exploit freely from any location.
Blast Radius
- Attacker reads memory contents of the browser process, including stored session tokens, autofill credentials, and in-flight request or response data.
- Attacker writes arbitrary data into heap memory, enabling modification of in-browser state such as rendered page content or cached resources.
- Heap corruption enables arbitrary code execution within the Chrome renderer or network service process at the privilege level of the browser.
- Full compromise of the affected service is possible, meaning the attacker can pivot from the corrupted process to further host-level attacks depending on sandbox escape capability.
How HarborGuard Handles This
Available on HarborGuard: the fix version 149.0.7827.115 is tracked, and a patched-image rebuild is available for any customer image found to include an affected Chrome or Chromium binary. For customers who opt into auto-remediation, HarborGuard rebuilds the image, executes a regression test run, and opens a pull request against affected workloads automatically; for high-severity CVEs like this one, the median time from publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated team inbox with the CVSS 8.1 HIGH score and full vector context attached. Because this vulnerability requires a privileged network position rather than arbitrary internet access, customers who cannot update immediately should consider network-policy controls that restrict unexpected routing hops to Chrome-running workloads as a compensating control until the rebuild is applied.
Fix available
- Google / Chrome < 149.0.7827.115 (from 149.0.7827.115)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H